Controlling Access to Enterprise Centers Using a Dynamic Enterprise Control System

ABSTRACT

Arrangements for dynamic enterprise center access control are provided. In some examples, a user device may be detected and current location and/or user data associated with the detected device may be requested. Upon receiving the location data, a current geographic location of the user device may be determined and an enterprise center at or near the geographic location may be identified. Received user data may be analyzed to identify a user and retrieve access preferences associated with the user. Based on the access preferences, a command to lock or unlock a door (e.g., permit or disable access) to an area within the enterprise center, the enterprise center in general, or the like, may be generated and transmitted to a computing device for execution. Accordingly, the system may activate desired locking configurations based on user preferences. Upon detecting that the user is no longer at the enterprise center, a command to return to default settings may be generated, transmitted and executed.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to co-pendingU.S. application Ser. No. 17/899,919, filed Aug. 31, 2022, and entitled“Controlling Access to Enterprise Centers Using a Dynamic EnterpriseControl System,” which is a continuation of and claims priority to U.S.application Ser. No. 16/550,494 (now U.S. Pat. No. 11,477,650), filedAug. 26, 2019, and entitled “Controlling Access to Enterprise CentersUsing a Dynamic Enterprise Control System,” which is incorporated hereinby reference in their entirety.

BACKGROUND

Aspects of the disclosure relate to electrical computers, systems, anddevices for identifying and executing dynamic enterprise center accesscontrols. In particular, one or more aspects of the disclosure relate tocontrolling access to enterprise centers using a dynamic enterprisecontrol system.

Personal security and privacy are important to consumers. However, eachperson may have different expectations for maintaining privacy atdifferent types of locations. Many locations use default security orprivacy settings which may be sufficient but might not meet expectationsof all consumers. Accordingly, it would be advantageous to provide asystem for enabling customized access controls that may be dynamicallyexecuted to aid in maintaining personal privacy and security.

SUMMARY

The following presents a simplified summary in order to provide a basicunderstanding of some aspects of the disclosure. The summary is not anextensive overview of the disclosure. It is neither intended to identifykey or critical elements of the disclosure nor to delineate the scope ofthe disclosure. The following summary merely presents some concepts ofthe disclosure in a simplified form as a prelude to the descriptionbelow.

Aspects of the disclosure provide effective, efficient, scalable, andconvenient technical solutions that address and overcome the technicalproblems associated with providing dynamic, customized control of accessto enterprise centers.

In some examples, one or more users may register with a system.Registering with the system may include providing user information,device information, and access control preferences for each user. Afterregistering with the system, a registered user device may be detected(e.g., by signals emitted from the user device) and current locationand/or user data associated with the detected device may be requested.

Upon receiving the location data, a current geographic location of theuser device may be determined and an enterprise center at or near thegeographic location may be identified. A type of enterprise center maybe identified and it may be confirmed that the enterprise center or typeof enterprise center permits customized user access controls.

Upon confirming that the enterprise center or type of enterprise centerpermits customized user access controls, user data may be analyzed toidentify a user and retrieve access preferences associated with theuser. Based on the access preferences, an instruction, signal or commandto lock or unlock a door (e.g., permit or disable access) to an areawithin the enterprise center, the enterprise center in general, or thelike, may be generated and transmitted to a computing device forexecution. Accordingly, the system may activate desired lockingconfigurations based on user preferences. Upon detecting that the useris no longer at the enterprise center, an instruction, signal or commandto return to default settings may be generated, transmitted andexecuted.

These features, along with many others, are discussed in greater detailbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is illustrated by way of example and not limitedin the accompanying figures in which like reference numerals indicatesimilar elements and in which:

FIGS. 1A and 1B depict an illustrative computing environment forimplementing user customized access control functions in accordance withone or more aspects described herein;

FIGS. 2A-2F depict an illustrative event sequence for implementing usercustomized access control functions in accordance with one or moreaspects described herein;

FIG. 3 illustrates one example user interface that may be generatedaccording to one or more aspects described herein;

FIG. 4 is a schematic diagram of one example enterprise center that mayimplement one or more user customized access control functions accordingto one or more aspects described herein;

FIG. 5 depicts an illustrative method for implementing and using usercustomized access control functions according to one or more aspectsdescribed herein;

FIG. 6 illustrates one example operating environment in which variousaspects of the disclosure may be implemented in accordance with one ormore aspects described herein; and

FIG. 7 depicts an illustrative block diagram of workstations and serversthat may be used to implement the processes and functions of certainaspects of the present disclosure in accordance with one or more aspectsdescribed herein.

DETAILED DESCRIPTION

In the following description of various illustrative embodiments,reference is made to the accompanying drawings, which form a parthereof, and in which is shown, by way of illustration, variousembodiments in which aspects of the disclosure may be practiced. It isto be understood that other embodiments may be utilized, and structuraland functional modifications may be made, without departing from thescope of the present disclosure.

It is noted that various connections between elements are discussed inthe following description. It is noted that these connections aregeneral and, unless specified otherwise, may be direct or indirect,wired or wireless, and that the specification is not intended to belimiting in this respect.

Some aspects of the disclosure relate to dynamic control of access toone or more enterprise centers, or locations or areas within anenterprise center. As discussed above, information privacy and personalsecurity are concerns for customers of various businesses. The abilityto customize access controls for a particular user may provideadditional security and peace of mind for a user.

Accordingly, as discussed herein, aspects are directed to dynamicallycontrolling access to one or more enterprise centers or areas within anenterprise center. A user's location may be determined and an enterprisecenter at the location may be identified. In some examples, user accesspreferences may be retrieved and executed to activate or actuate one ormore locks in order to enable to disable access to an area via one ormore doors or other access devices. Upon leaving the enterprise center,the access controls may be returned to default settings.

These and various other arrangements will be discussed more fully below.

FIGS. 1A-1C depict an illustrative computing environment forimplementing and using a system for dynamic, customized access controlin accordance with one or more aspects described herein. Referring toFIG. 1A, computing environment 100 may include one or more computingdevices and/or other computing systems. For example, computingenvironment 100 may include user customized access control computingplatform 110, a first internal access control computing system 120, asecond internal access control computing system 125, a first local usercomputing device 150, a second local user computing device 155, a firstremote user computing device 170, and a second remote user computingdevice 175. Although two internal access control computing systems areshown in FIG. 1A, more or fewer computing systems may be used withoutdeparting from the invention.

User customized access control computing platform 110 may be configuredto provide intelligent, dynamic customized access control. In someexamples, the user customized access control computing platform 110 maydetect a user device. For instance, short-range wireless communicationssuch as Bluetooth™, WiFi, or other technology may be used to detect auser device, such as a mobile computing device, smartphone, laptopcomputer, tablet computer, or the like. In some examples, detecting thedevice may include receiving device identifying information and/or useridentifying information. Additionally or alternatively, the usercustomized access control computing platform 110 may generate a requestfor user information and/or device information and may transmit therequest to the detected device.

Upon receiving data from the user device, the user customized accesscontrol computing platform 110 may identify device identifyinginformation and user identifying information. In some examples, the usercustomized access control computing platform 110 may determine a currentlocation of the user device (and, consequently, the user). For instance,global navigation satellite systems (GNSS), such as global positioningsystems (GPS), or the like, may be used to capture location informationfrom the mobile device. Additionally or alternatively, a detectingdevice, such as a location beacon, may be positioned at a particularlocation and location data may be determined based on detection of thelocation beacon by the user device.

In some examples, the location data may be first location data and mayprovide a geographic location of a user (e.g., address, intersection,longitude and latitude, or the like). In some arrangements, a secondlocation, at a more granular level may be determined. For instance, oneor more location beacons may be arranged within a structure.Accordingly, upon detection of a location beacon by the user device (orvice versa), a more granular position of the user device (and user)within the structure may be determined. This second location data may beused to identify and initiate one or more customized user accesscontrols, as will be discussed more fully herein.

The user customized access control computing platform 110 may, based onat least the first location data, determine whether the detectedlocation (e.g., first location) is eligible for customized accesscontrols. If not, a notification may be transmitted to the user deviceand the process may end. If so, the identified user information may beused to retrieve one or more pre-stored access control preferences. Forinstance, a user within a structure including a self-service kiosk andan additional enclosed room for having further conferences tointeraction with an agent via real-time video streaming may identify apreference that, when within the enclosed room, the door should belocked to users from the outside but the user within the room may beable to open the door from the inside. In some examples in which a useris in a vestibule having a single self-service kiosk (e.g., automatedteller machine (ATM)), the user may identify a preference that the doorto the vestibule may remain locked to users outside the vestibule (e.g.,even to users with permission to enter (e.g., an ATM card, or the like),but the user inside the vestibule may be able to open the door from theinside. Accordingly, even users authorized to access the vestibule maybe prevented from accessing the vestibule until the user is finished,based on the user preferences. Various other preferences may bepre-stored without departing from the invention.

Upon retrieving the user preferences, the user customized access controlcomputing platform 110 may evaluate the location of the user (e.g., typeof location, number of locks, arrangement of locks, and the like) andmay generate one or more instructions, commands or signals to activateor actuate one or more mechanical or electronic locks at the location(e.g., first location, second location within the first location, or thelike). The instruction, command or signal may be transmitted to aninternal access control computing system 120, 125 (or the like) locatedat the location which may execute the instruction, command or signal toactivate or actuate the locks. In some examples, internal access controlcomputing systems 120, 125 may be omitted and the user customized accesscontrol computing platform 110 may directed activate or actuate the oneor more locks.

In some examples, the user customized access control computing platform110 may further generate one or more notifications to the userindicating that user access preferences have been initiated oractivated. Accordingly, the user may be notified (e.g., via the userdevice) that his or her preferences have been activated and may knowthat particular doors are locked or unlocked, as desired, based on thepre-stored preferences.

Internal access control computing system 120 and internal access controlcomputing system 125 may be computing systems associated with (e.g.,operated by, owned by, or the like) the entity implementing the usercustomized access control computing platform 110. Internal accesscontrol computing system 120, internal access control computing system125, and the like, may include one or more desktop computers, laptopcomputers, servers, and the like. In some examples, internal accesscontrol computing system 120 and/or internal access control computingsystem 125 may store data and/or execute processes to control access toa location and/or area (e.g., within a location). In some examples,internal access control computing system 120 and/or internal accesscontrol computing system 125 may be a self-service kiosk, such as anATM, a video agent device enabling real-time video communication betweena user and an agent, or the like. Accordingly, the internal accesscontrol computing system 120, and/or internal access control computingsystem 125 may perform multiple functions at a particular area orlocation and, in some examples, may be configured to activate orinitiate one or more access controls, such as activating or actuating amechanical or electronic lock. In some examples, activating and/oractuating a mechanical or electronic lock may include executing aninstruction to actuate the lock, executing an instruction to magnetizeor demagnetize a device maintaining position of a lock, or the like.

Local user computing device 150, 155 and remote user computing device170, 175 may be configured to communicate with and/or connect to one ormore computing devices or systems shown in FIG. 1A. For instance, localuser computing device 150, 155 may communicate with one or morecomputing systems or devices via network 190, while remote usercomputing device 170, 175 may communicate with one or more computingsystems or devices via network 195. In some examples, local usercomputing device 150, 155 may be used to access one or more entitysystems, functions or processes. In some examples, local user computingdevice 150, 155 may be used to access the user customized access controlcomputing platform 110 to control parameters of the system, update orexecute rules, modify settings, and the like. In some arrangements, oneor more of local user computing device 150, local user computing device155, remote user computing device 170, and/or remote user computingdevice 175 may be used to receive notifications, display one or moreinteractive user interfaces or dashboards, receive user input requestingmodifications, and the like.

The remote user computing device 170 and remote user computing device175 may be used to communicate with, for example, user customized accesscontrol computing platform 110. For instance, remote user computingdevices 170, 175 may include user computing devices, such as mobiledevices including smartphones, tablets, laptop computers, and the like,that may detect or be detected by the user customized access controlcomputing platform 110 (and/or device associated therewith) to determinelocation, identify a user and/or device, display notifications, and thelike. In some examples, remote user computing device 170 and/or remoteuser computing device 175 may be used to register a user or device withthe system or entity implementing the user customized access controlcomputing platform 110, provide user and/or device information, provideuser access control preferences, and the like.

In one or more arrangements, internal access control computing system120, internal access control computing system 125, local user computingdevice 150, local user computing device 155, remote user computingdevice 170, and/or remote user computing device 175 may be any type ofcomputing device or combination of devices configured to perform theparticular functions described herein. For example, internal accesscontrol computing system 120, internal access control computing system125, local user computing device 150, local user computing device 155,remote user computing device 170, and/or remote user computing device175 may, in some instances, be and/or include server computers, desktopcomputers, laptop computers, tablet computers, smart phones, or the likethat may include one or more processors, memories, communicationinterfaces, storage devices, and/or other components. As noted above,and as illustrated in greater detail below, any and/or all of internalaccess control computing system 120, internal access control computingsystem 125, local user computing device 150, local user computing device155, remote user computing device 170, and/or remote user computingdevice 175 may, in some instances, be special-purpose computing devicesconfigured to perform specific functions.

Computing environment 100 also may include one or more computingplatforms. For example, and as noted above, computing environment 100may include user customized access control computing platform 110. Asillustrated in greater detail below, user customized access controlcomputing platform 110 may include one or more computing devicesconfigured to perform one or more of the functions described herein. Forexample, user customized access control computing platform 110 mayinclude one or more computers (e.g., laptop computers, desktopcomputers, servers, server blades, or the like).

As mentioned above, computing environment 100 also may include one ormore networks, which may interconnect one or more of user customizedaccess control computing platform 110, internal access control computingsystem 120, internal access control computing system 125, local usercomputing device 150, local user computing device 155, remote usercomputing device 170, and/or remote user computing device 175. Forexample, computing environment 100 may include private network 190 andpublic network 195. Private network 190 and/or public network 195 mayinclude one or more sub-networks (e.g., Local Area Networks (LANs), WideArea Networks (WANs), or the like). Private network 190 may beassociated with a particular organization (e.g., a corporation,financial institution, educational institution, governmentalinstitution, or the like) and may interconnect one or more computingdevices associated with the organization. For example, user customizedaccess control computing platform 110, internal access control computingsystem 120, internal access control computing system 125, local usercomputing device 150, and local user computing device 155, may beassociated with an organization (e.g., a financial institution), andprivate network 190 may be associated with and/or operated by theorganization, and may include one or more networks (e.g., LANs, WANs,virtual private networks (VPNs), or the like) that interconnect usercustomized access control computing platform 110, internal accesscontrol computing system 120, internal access control computing system125, local user computing device 150, local user computing device 155,and one or more other computing devices and/or computer systems that areused by, operated by, and/or otherwise associated with the organization.Public network 195 may connect private network 190 and/or one or morecomputing devices connected thereto (e.g., user customized accesscontrol computing platform 110, internal access control computing system120, internal access control computing system 125, local user computingdevice 150, local user computing device 155) with one or more networksand/or computing devices that are not associated with the organization.For example, remote user computing device 170, remote user computingdevice 175, might not be associated with an organization that operatesprivate network 190 (e.g., because remote user computing device 170,remote user computing device 175, may be owned, operated, and/orserviced by one or more entities different from the organization thatoperates private network 190, such as a second entity different from theentity, one or more customers of the organization, one or more employeesof the organization, public or government entities, and/or vendors ofthe organization, rather than being owned and/or operated by theorganization itself), and public network 195 may include one or morenetworks (e.g., the internet) that connect remote user computing device170, remote user computing device 175, to private network 190 and/or oneor more computing devices connected thereto (e.g., user customizedaccess control computing platform 110, internal access control computingsystem 120, internal access control computing system 125, local usercomputing device 150, local user computing device 155).

Referring to FIG. 1B, user customized access control computing platform110 may include one or more processors 111, memory 112, andcommunication interface 113. A data bus may interconnect processor(s)111, memory 112, and communication interface 113. Communicationinterface 113 may be a network interface configured to supportcommunication between user customized access control computing platform110 and one or more networks (e.g., private network 190, public network195, or the like). Memory 112 may include one or more program moduleshaving instructions that when executed by processor(s) 111 cause usercustomized access control computing platform 110 to perform one or morefunctions described herein and/or one or more databases that may storeand/or otherwise maintain information which may be used by such programmodules and/or processor(s) 111. In some instances, the one or moreprogram modules and/or databases may be stored by and/or maintained indifferent memory units of user customized access control computingplatform 110 and/or by different computing devices that may form and/orotherwise make up user customized access control computing platform 110.

For example, memory 112 may have, store and/or include a registrationmodule 112 a. Registration module 112 a may store instructions and/ordata that may cause or enable the user customized access controlcomputing platform 110 to receive registration information from one ormore users, devices, or the like. For instance, a user may registerhimself or herself (e.g., provide identifying information, contactinformation, authentication credential information, and the like), aswell as his or her device (e.g., provide identifying information (e.g.,MAC address, IMEI, phone number, or the like). The data may be receivedfrom a user device, such as remote user computing device 170 and/orremote user computing device 175. In some examples, a user may registermore than one device (e.g., a smartphone as well as a tablet computer,laptop computer, smartwatch or other wearable device, or the like). Theregistration module 112 a may also receive user preference data. Forinstance, once the user is registered, the user may be prompted toinput, via one or more interactive user interfaces, one or more userpreferences for access control, such as how and/or when doors should belocked in different locations or types of locations, and the like). Theregistration module 112 a may then store this data in a database bygenerating a new record in the database.

User customized access control computing platform 110 may further have,store and/or include location detection/evaluation module 112 b.Location detection/evaluation module 112 b may store instructions and/ordata that may cause or enable the user customized access controlcomputing platform 110 to detect a location of a user device, such as aregistered mobile or other user device associated with a registereduser. In some examples, detecting the location of the user device mayinclude detecting, based on an emitted Bluetooth™, WiFi, or othersignal, the user device. In some arrangements, a signal from the userdevice may be detected by the location detection/evaluation module 112 bwhile, in other arrangements, the user device may detect a signalemitted from the location detection/evaluation module 112 b and may senda response signal that may be detected by the locationdetection/evaluation module 112 b.

Upon detecting the user device, the location detection/evaluation module112 b may analyze a signal detected and/or associated data to determinea location of the user. In some examples, the location may be determinedbased on the device being within a predefined proximity of the locationdetection/evaluation module 112 b or other device detecting signals andin communication with location detection/evaluation module 112 b. Forinstance, internal access control computing systems 120 and/or 125 maybe arranged at various locations and may detect user devices andcommunicate the detection of the devices to the locationdetection/evaluation module 112 b. Because a signal may be detectedwithin a predefined range, the location of the user device may bedetermined based on the signal being detected within the range.

In some examples, detection of the user device may cause a request forlocation information to be transmitted to the user (e.g., request forGPS or other location data). The user device may then generate and sendlocation response data to the location detection/evaluation module 112 band the location detection/evaluation module 112 b may then determine alocation of the user device based on the location response data.

Once the location data is determined, a type of enterprise centerlocation may be determined. For instance, an entity or enterpriseimplementing the user customized access control computing platform 110may include or be comprised of a plurality of enterprise centers. Eachenterprise center may be at a particular geographic location and mayinclude a plurality of sub-locations within the enterprise center orwithin the determined geographic location. In some examples, anenterprise center or type of enterprise center may include a branch oroffice of the entity or enterprise, a vestibule having at least one ATMor other self-service kiosk therein, an advanced center that may includeone or more areas or interior rooms having closing and/or locking doorsor other access devices for privacy and may include one or more ATMs orother self-service kiosks, conference rooms, video-chat enabled rooms,and the like, as well as other types of centers.

Accordingly, upon determining the location of the user device, anenterprise center at the location may be identified and a type ofenterprise center may be determined. Based on the type of enterprisecenter, the location detection/evaluation module 112 b may determinewhether customized user access preference may be implemented at theenterprise center, or whether default access controls will beimplemented. This determination may be based on a number of self-servicekiosks in a vestibule or area, a configuration of the enterprise centeror type of enterprise center, or the like.

In some examples, the sub-location within the location may be determined(e.g., based on location beacons arranged in various parts of theenterprise center) and the sub-location may also be used in identifyinguser preferences.

User customized access control computing platform 110 may further have,store and/or include a user identification module 112 c. The useridentification module 112 c may store instructions and/or data that maycause or enable the user customized access control computing platform110 to identify, based on data received from the user device, a userassociated with the user device. For instance, a unique identifier orother data received from the user device upon detection of the userdevice (and/or in response to a request for data from the user device)may be received and analyzed to identify a user associated with thedevice. For instance, the user identification module 112 c may receivethe device or device identifying information and may use that as inputin a query to look up (e.g., in a lookup table in a database) theassociated user.

Based on the identified user, pre-stored user preferences associatedwith the user may be identified. For instance, the identified user maybe used to query data stored in the access preferences module 112 d.Access preferences module 112 d may store instructions and/or data thatmay cause or enable the user customized access control computingplatform 110 to retrieve pre-stored user preferences, such as accesspreference, from a database. In some examples, the user accesspreferences may be identified for each type of enterprise center.Accordingly, in some examples, identifying or retrieving userpreferences by the access preference module 112 d may includeidentifying the type of enterprise center at the user's currentlocation.

User customized access control computing platform 110 may further have,store and/or include an instruction generation module 112 e. Instructiongeneration module 112 e may store instructions and/or data that maycause or enable the user customized access control computing platform110 to generate one or more instructions, signals, or commands toactivate or actuate a lock on a door or other access device based on theretrieved user access preferences. For instance, a user may desire tohave a conference room door in a first type of enterprise center, suchas an advance center, lock or prevent access to a person outside theroom while the user is within the conference room. In at least somearrangements, the conference room door may include a unidirectional lockthat always permits a user to exit the room through the door (e.g., thedoor is not locked to a user inside the conference room). Various otherpreference may be identified for the user.

Accordingly, based on the user preferences, type of enterprise center,and/or sub-location of the user within the enterprise center, theinstruction generation module 112 e may generate and transmit (e.g., toa lock or locking device at the enterprise center, to a computingdevice, such as internal access control computing system 120 located atthe enterprise center, or the like), the instruction, command or signalcausing the lock to activate or actuate in order to initiate the useraccess preferences.

User customized access control computing platform 110 may further have,store and/or include a user interface generation module 112 f. Userinterface generation module 112 f may store instructions and/or datathat may cause or enable the user customized access control computingplatform 110 to generate one or more interactive user interfaces thatmay notify a user that one or more user preferences have or have notbeen activated or initiated. In some examples, user interface generationmodule 112 f may generate one or more interactive user interfaces thatmay be transmitted to the user device to capture registrationinformation, receive user access preferences, and the like.

FIGS. 2A-2F depict one example illustrative event sequence forimplementing and using user customized access control functions inaccordance with one or more aspects described herein. The events shownin the illustrative event sequence are merely one example sequence andadditional events may be added, or events may be omitted, withoutdeparting from the invention.

Referring to FIG. 2A, at step 201, registration data may be received.For instance, one or more a user may provide, via, for example, a usercomputing device such as remote user computing device 170, registrationinformation. The registration information may include, for example, useridentifying name, user login credentials (e.g., username and password orpersonal identification number (PIN), biometric data, and the like),user contact information, and the like. In some examples, theregistration information may include data or information associated withone or more user devices, such as remote user computing device 170. Forinstance, device identifying information, a phone number, or the like,may be provided.

In some arrangements, the registration information may also include useraccess control preferences. For instance, as discussed herein, a usermay pre-store access preferences for one or more types of enterprisecenters. Accordingly, that information may be received by the remoteuser computing device 170 from the user (e.g., via user input into oneor more interactive user interfaces).

At step 202, a connection may be established between the remote usercomputing device 170 and user customized access control computingplatform 110. For instance, a first wireless connection may beestablished between the remote user computing device 170 and the usercustomized access control computing platform 110. Upon establishing thefirst wireless connection, a communication session may be initiatedbetween the remote user computing device 170 and the user customizedaccess control computing platform 110.

At step 203, the registration data may be transmitted from the remoteuser computing device 170 to the user customized access controlcomputing platform 110. For instance, the registration data may betransmitted during the communication session initiated upon establishingthe first wireless connection.

At step 204, the registration data may be received by the usercustomized access control computing platform 110. At step 205, aregistration record may be generated. For instance, a database may bemodified to include a new registration record including the receivedregistration data to be stored.

At step 206, a user computing device may be detected. For instance, theuser customized access control computing platform 110 (either directlyor via one or more connected devices, such as internal access controlcomputing system 120, or the like), may detect a signal from a usercomputing device, such as remote user computing device 170. In someexamples, the detected signal may be a signal emitted from the remoteuser computing device 170. Additionally or alternatively, the signalmaybe a signal transmitted in response to a signal emitted from the usercustomized access control computing platform 110 or connected device.

With reference to FIG. 2B, at step 207, a request for data may begenerated. For instance, a request for location data, device identifyingdata, user data, and the like, may be generated.

At step 208, a connection may be established between the user customizedaccess control computing platform 110 and the remote user computingdevice 170. For instance, a second wireless connection may beestablished between the user customized access control computingplatform 110 and the remote user computing device 170. In some examples,the first wireless connection may be terminated upon receiving theregistration data and the second wireless connection may be establishedafter terminating the first wireless connection. Upon establishing thesecond wireless connection, a communication session may be initiatedbetween the remote user computing device 170 and the user customizedaccess control computing platform 110.

At step 209, the generated request for data may be transmitted from theuser customized access control computing platform 110 to the remote usercomputing device 170. For instance, the request for data may betransmitted during the communication session initiated upon establishingthe second wireless connection.

At step 210, the request for data may be received by the remote usercomputing device 170. At step 211, response data may be generated by theremote user computing device. For instance, response data includingdevice identifying information, user identifying information, and/orcurrent location information (e.g., based on one or more sensors, GPS,or the like) may be extracted and response data including the extracteddata may be generated. In some examples, the generated response data mayinclude not only a general geographic location of the user device, butalso a sub-location of the user device within the location (e.g., basedon detection of a signal emitted from a location beacon at an enterprisecenter located at the location).

At step 212, the generated response data may be transmitted from theremote user computing device 170 to the user customized access controlcomputing platform 110.

With reference to FIG. 2C, at step 213, the response data may bereceived and analyzed by the user customized access control computingplatform 110. At step 214, based on the analysis, user identifying dataand/or current location data of the user's mobile device (and,consequently, the user) may be extracted.

At step 215, the location and/or sub-location of the user device may beanalyzed to determine a type of enterprise center at the location. Forinstance, geographic coordinates, an address, or the like, may beidentified based on the location information and compared to a storedlist of enterprise centers and associated geographic locations,addresses, and the like. Based on the comparing, an enterprise center atthe determined location may be identified and evaluated. For instance, atype of enterprise center may be determined, access rules associatedwith the enterprise center may be evaluated, and the like.

Based on, for example, the type of enterprise center and the accessrules associated therewith, at step 216, the user customized accesscontrol computing platform 110 may determine and/or confirm that usercustomized access controls are permitted at the enterprise center at thedetermined location. If not, a notification may be generated andtransmitted to the user.

If so, at step 217, one or more pre-stored user access preferences maybe retrieved. For instance, the user identifying information, as well asthe determined type of enterprise center, may be used to retrieve one ormore pre-stored user access preferences.

With reference to FIG. 2D, at step 218, based on the retrieved userpreferences, an instruction, signal or command to activate and/oractuate one or more locks or locking devices on a door may be generated.The instruction, signal or command may include an instruction to engagea lock or prevent one or more unauthorized users from entering an areawhile the first user (whose preferences are activated) is within theenterprise center or portion of the enterprise center.

At step 219, a connection may be established between the user customizedaccess control computing platform 110 and an internal access controlcomputing system 120 at the enterprise center. As discussed herein, theinternal access control computing system 120 may be part of anothercomputing device, such as an ATM or self-service kiosk, a video chathosting device, an associate computing device, or the like. In someexamples, the internal access control computing system 120 may be aseparate device from the other devices at the enterprise center. Thewireless connection may be a third wireless connection and may beestablished between the user customized access control computingplatform 110 and the internal access control computing system 120. Uponestablishing the third wireless connection, a communication session maybe initiated between the internal access control computing system 120and the user customized access control computing platform 110.

At step 220, the generated access instruction, command or signal may betransmitted from the user customized access control computing platform110 to the internal access control computing system 120. At step 221,the instruction, signal or command may be received and executed by theinternal access control computing system 120. Executing the accessinstruction, command or signal may cause one or more locks or lockingdevices on one or more doors or other access devices to activate ordeactivate (e.g., engage or disengage) depending on the retrieved userpreferences.

At step 222, a user interface may be generated by the user customizedaccess control computing platform 110. The user interface may include anindication or notification that the user's pre-stored preferences havebeen activated. In some examples, the user interface may include anoption for the user to select when the user has completed his or hertime at the enterprise center and will be leaving. FIG. 3 illustratesone examples user interface 300 that may be generated by the usercustomized access control computing platform 110. The user interface 300includes an indication that the user's access preferences have beenactivated. In addition, it includes a selectable option for the user toindicate that he or she is finished at the enterprise center and will beleaving.

With reference to FIG. 2E, at step 223, the generated user interface maybe transmitted from the user customized access control computingplatform 110 to the remote user computing device 170. At step 224, theuser interface may be received by the remote user computing device 170and displayed on a display of the remote user computing device 170.

At step 225, an indication of user completion may be received. In someexamples, the user indication of completion may include response datagenerated upon user input selecting an option from an interactive userinterface (such as “I'm Done” option in FIG. 3 ). Additionally oralternatively, the indication of completion may include termination ofan established wireless connection between the user customized accesscontrol computing platform 110 and the remote user computing device 170(such as second wireless connection, or the like), a scan of an area nolonger detecting the remote user computing device 170, or the like,which may be received directly by the user customized access controlcomputing platform 110 at step 227.

At step 226, a user indication of completion (e.g., received by theremote user computing device 170) may be transmitted from the remoteuser computing device 170 to the user customized access controlcomputing platform 110. In some examples, the indication of completionmay be transmitted during the communication session initiated uponestablishing the second wireless connection. In other examples, anotherwireless connection may be established prior to transmitting theindication of completion. At step 227, the indication of completion maybe received by the user customized access control computing platform110.

At step 228, the indication of completion may be analyzed and aninstruction, command or signal to return the access controls to adefault setting may be generated. For instance, upon receiving anindication that the user is leaving, the system may default to standardlocking, unlocking, or other access preferences until another registereduser is detected.

With reference to FIG. 2F, at step 229, the generated instruction,command or signal to return to default settings may be transmitted tothe internal access control computing system 120. At step 230, theinstruction, command or signal may be received and executed by theinternal access control computing system 120 and one or locks or otheraccess parameters may be returned to a default setting.

FIG. 4 illustrates one example enterprise center in which aspectsdescribed herein may be used. The example enterprise center 400 (e.g.,an advanced center) shown in FIG. 4 is merely one example type ofenterprise center and various other enterprise centers or types ofenterprise centers (e.g., a vestibule with a single ATM, a branch oroffice location, or the like) may be used without departing from theinvention.

The enterprise center 400 includes a first door 402 having a firstlocking mechanism and providing access to an interior of the enterprisecenter 400. Within the vestibule of the enterprise center are two ATMs408 and 410. More or fewer ATMs may be provided without departing fromthe invention.

The enterprise center 400 further includes two enclosed rooms 405 and407. Room 405 includes a second door 404 having a second lockingmechanism and providing access from the vestibule to an interior of room405. Room 407 includes a third door 406 having a third locking mechanismand providing access from the vestibule to an interior of room 407. Eachof the first lock, second lock and third lock may be electronic lockscontrollable (e.g., configured to be activated or actuated) viaelectronic signal. In some examples, one or more first lock, second lockand third lock may include a secondary access device, such as anelectronic access keypad, card reader, radio frequency identificationtag, or the like, that may be provide access to one or more areas. Insome examples, activating user preferences may override an authorizeduser access via the one or more secondary access devices.

In one example, a first user may arrive at enterprise center 400 and maybe detected by the user customized access control computing platform 110and/or device connected thereto. In addition, as the user moves throughthe enterprise center 400, a sub-location of the user may be determinedbased on user device detection of one or more of location beacons 412,414, and 416. The location beacon detected by the user device mayindicate a sub-location of the user in the vestibule (beacon 414), room405 (beacon 412) or room 407 (beacon 414).

In some examples, each location beacon (e.g., location beacon 412,location beacon 414, and location beacon 416 may be configured totransmit one or more radio signals that may be detected and/or receivedby other devices located in close proximity of and/or otherwise within apredetermined distance of the particular location beacon. In one or moreexamples, any and/or all of the location beacons described (e.g.,location beacon 412, location beacon 414, and location beacon 416) mayimplement Bluetooth™ Low Energy (also referred to as “Bluetooth™ LE,”“Bluetooth™ Smart,” or “BLE”) technology to transmit low-power radiosignals. The particular signal(s) transmitted by a particular locationbeacon may include one or more attributes, such as a unique identifierassigned to and/or otherwise associated with the particular locationbeacon, that may enable the particular location beacon to be identifiedby a device receiving the particular signal(s) transmitted by theparticular location beacon. As illustrated below, by detecting aparticular signal transmitted by a location beacon (which may, e.g., bepositioned at a specific location) and subsequently identifying thelocation beacon transmitting the particular signal, a computing devicemay be able to determine that it is located at and/or near the specificlocation (e.g., a sub-location) where the location beacon is positioned.

For example, in one or more arrangements discussed below, the one ormore location beacons (e.g., location beacon 412, location beacon 414,and location beacon 416) may be positioned at various points within theenterprise center illustrated in FIG. 4 . For example, beacon 412 may bein conference room 405, beacon 414 may be in the vestibule where one ormore self-service kiosks may be arranged, and beacon 416 may be inconference or video-chat enabled room 407. Each location beacon maytransmit a radio signal that may be detected and/or received by otherdevices at enterprise center 400, such as user computing device such asa mobile device, wearable device, or the like, which may enable suchdevices to determine that they are present at enterprise center 400and/or located at and/or near a particular area or sub-location ofenterprise center 400.

Upon detecting the user and obtaining location and sub-locationinformation as discussed herein, one or more user preferences may beretrieved (e.g., upon determining that enterprise center 400 permitscustomized user access preferences). Upon retrieving the userpreferences, an instruction to execute the user preferences may betransmitted to an internal access control computing system 120 forexecution. For instance, an internal access control computing system 120(which may, for example, be housed in an ATM 408, 410 or other computingdevice within the enterprise center 400) may receive and execute theinstruction to lock or unlock one or more doors based on the user accesspreferences.

For instance, a default setting may be to maintain all doors as unlockedduring normal business hours at enterprise center 400. However, if afirst user is detected and the first user preferences indicate that heor she would prefer to have a door to an interior room locked to preventaccess from the vestibule but permit egress from the room, the systemmay retrieve the preferences of the user, determine the sub-location ofthe user in one of rooms 405 and 407, and transmit an instruction tolock door 404 or 406 depending on which sub-location (e.g., room 405 or407) the user is using. Upon receiving an indication that the user isfinished, the default settings may be executed to unlock all doorsduring business hours.

In another example, a second user may have access preferences indicatingthat when he or she is in the vestibule, doors to both rooms 405 and 407should remain locked to ensure no one enters those rooms while he or sheis in the vestibule. Accordingly, the instruction may lock doors 404 and406 until the second user is finished and default settings will returnand the doors will be unlocked to permit access to rooms 405 and 407,respectively.

These example arrangements are merely some examples, and additional useraccess preferences may be pre-stored without departing from theinvention. For instance, in some examples, a user may specify differentaccess preferences for different times of day, for enterprise centers indifferent or specific geographic areas, or the like.

FIG. 5 is a flow chart illustrating one example method of implementinguser customized access controls according to one or more aspectsdescribed herein. The processes illustrated in FIG. 5 are merely someexample processes and functions. The steps shown may be performed in theorder shown, in a different order, more steps may be added, or one ormore steps may be omitted, without departing from the invention.

In some examples, one or more aspects, steps or processes described withrespect to FIG. 5 may be performed in real-time.

At step 500, registration data may be received. For instance,registration data may be received from a user device, such as remoteuser computing device 170, and may include data associated with the userdevice, with the user, with user access preferences, and the like. Theregistration data may then be stored for future user in customizingaccess controls.

At step 502, a user device, such as a registered user device may bedetected. In some examples, the user device may be detected by scanningan area around an enterprise center to detect signals emitted from auser device that may be recognized by the system. As discussed herein,detection of the user device may be performed using geo-sensing, nearfield communication, Bluetooth™ or WiFi detection, via location beacons,and the like.

At step 504, user data and location data may be requested from thedetected user device. For instance, a request to provide currentgeographic location data and user data may be generated and transmittedto the user device.

At step 506, location response data and user response data may bereceived from the user device. In some examples, the location responsedata may include address data, longitude and latitude of currentlocation, or the like. The user response data may include dataidentifying the user associated with the detected user device (e.g., byname, username, or other identifier).

At step 508, the location response data may be analyzed to determine acurrent geographic location of the user. At step 510, the determinedcurrent geographic location may be analyzed to identify an enterprisecenter at or near (e.g., within a predefined proximity of) thedetermined geographic location.

At step 512, the identified enterprise center may be evaluated todetermine a type of enterprise center and to determine whether thatenterprise center or type of enterprise center permits customized useraccess controls. If not, a notification indicated that customized useraccess controls are not permitted may be generated and transmitted tothe user device at step 514.

If, at step 512, the enterprise center does permit customized useraccess controls, the user response data may be analyzed to identify auser and retrieve pre-stored user access preferences at step 516. Forinstance, one or more user access preferences may be retrieved from, forinstance, the pre-stored registration data.

At step 518, one or more signals, instructions or commands to activateor actuate one or more electronic locks at the enterprise center topermit or deny access to one or more areas may be generated andtransmitted to, for instance, an internal access control computingsystem 120. The instruction, signal or command may be executed to lockor unlock (e.g., activate or actuate one or more locks on one or moredoors) to permit or deny access to one or more areas via one or moredoors or other access devices.

At step 520, a determination may be made as to whether the user hascompleted his or her function at the enterprise center (e.g., that theuser device is no longer at the enterprise center or an indication thatthe user will be leaving the enterprise center). For instance, adetermination may be made as to whether user input has been receivedindicated the user is finished or has left the enterprise center, acommunication session or wireless connection may be terminated, or thelike. If not, the process may return to step 520 to re-evaluate whetheran indication of user completion has been received.

If, at step 520, an indication of user completion has been received, aninstruction, signal or command returning one or more locks to defaultsettings may be generated and transmitted to the internal access controlcomputing system 120 for execution and activation/deactivation of one ormore locks or customized access settings.

Aspects described herein provide real-time, dynamic device detection andexecution of user access control preferences. As discussed herein, thearrangements described provide for customized control of access to anenterprise center, or portion of an enterprise center, while a user isat the enterprise center. Accordingly, a user may customize a level ofprivacy provided.

In some examples, these arrangements may be used at, for instance,advanced centers that may include a vestibule having one or more ATMs orother self-service kiosks, as well as one or more interior rooms havinga door to provide access from the vestibule. In some examples, thesedoors may default to an unlocked arrangement. However, a user may desireto have the doors lock (e.g., to a person attempting to enter the roomfrom outside the room) to prevent access to unauthorized users. Thedoors may always remain unlocked to those inside the room to enableegress from the room.

In some arrangements, a user may store access preferences based on typeof enterprise center, sub-location within an enterprise center, time ofday, location of enterprise center, and the like. For instance, in somearrangements, an advanced center may be staffed (e.g., have a customerservice agent available on site) for a portion of a day (e.g., duringnormal business hours). Accordingly, a user may have different accesspreferences (e.g., may desire to lock or unlock doors to one or moreareas) when the advanced center is staffed (e.g., during business hours)than when it is unstaffed (e.g., outside of normal business hours).

The arrangements discussed herein are performed for registered users whohave provided pre-stored user access preferences. The customized useraccess preferences may be evaluated prior to storage to ensurecompliance with all local zoning laws.

In some examples, arrangements discussed herein may be used to detectunauthorized activity. For instance, if a user device is reported stolenand then is detected at an enterprise center, law enforcement may bedispatched to the enterprise center to investigate the issue. In anotherexample, if a device is detected at a particular enterprise location foran extended period of time (e.g., a threshold time over a typical timespent at the location) a staff member or law enforcement may bedispatched to investigate. In yet another example, if potentialunauthorized use is detected (e.g., a withdrawal made using a stolen ATMcard, or the like) law enforcement may be contacted.

In some arrangements, device detection may be used to implement one ormore other functions in addition to customized user access controls. Forinstance, as a user approaches a vestibule, if the registered device isdetected, the system may automatically unlock the vestibule door toenable access to the user (e.g., if another user is not inside thevestibule). In another example, detection of the registered device mayauthenticate the user to an ATM or other self-service kiosk, or mayprovide a first layer of authentication for the user.

As discussed herein, various electronic locking devices may be used tolock or secure one or more doors providing access to an enterprisecenter or to a space within the enterprise center. The electroniclocking devices (e.g., locks controlled electronically) may becontrolled via one or more computing devices, such as internal accesscontrol computing system 120. Accordingly, devices in communication withinternal access control computing system 120 may transmit instructionsto lock or unlock a door (e.g., activate or deactivate a lock on a door)in accordance with the pre-stored user preferences.

In some examples, a registered user may attach other authorized user tohis or her registration record in order to implement one or more accesspreferences for that user. For instance, a parent may identify useraccess preferences that should be initiated upon detection of a child'suser device. The access preferences initiated upon detection of thechild's device may be different from those of the parent user. In someexamples, the user may indicate preferences to only permit actions to beinitiated upon detection of both the parent device and the child device(e.g., a child cannot withdraw funds to take action without a parentpresent). In some examples, detection of a registered device associatedwith a secondary user (e.g. child) may prompt generation andtransmission of a notification of the detected device to the primaryuser (e.g., parent).

In some arrangements, biometric data may be used in conjunction withdevice detection to authenticate a user, identify user preferences,enable additional functionality, or the like.

FIG. 6 depicts an illustrative operating environment in which variousaspects of the present disclosure may be implemented in accordance withone or more example embodiments. Referring to FIG. 6 , computing systemenvironment 600 may be used according to one or more illustrativeembodiments. Computing system environment 600 is only one example of asuitable computing environment and is not intended to suggest anylimitation as to the scope of use or functionality contained in thedisclosure. Computing system environment 600 should not be interpretedas having any dependency or requirement relating to any one orcombination of components shown in illustrative computing systemenvironment 600.

Computing system environment 600 may include user customized accesscontrol computing device 601 having processor 603 for controllingoverall operation of user customized access control computing device 601and its associated components, including Random Access Memory (RAM) 605,Read-Only Memory (ROM) 607, communications module 609, and memory 615.User customized access control computing device 601 may include avariety of computer readable media. Computer readable media may be anyavailable media that may be accessed by user customized access controlcomputing device 601, may be non-transitory, and may include volatileand nonvolatile, removable and non-removable media implemented in anymethod or technology for storage of information such ascomputer-readable instructions, object code, data structures, programmodules, or other data. Examples of computer readable media may includeRandom Access Memory (RAM), Read Only Memory (ROM), ElectronicallyErasable Programmable Read-Only Memory (EEPROM), flash memory or othermemory technology, Compact Disk Read-Only Memory (CD-ROM), DigitalVersatile Disk (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium that can be used to store the desired informationand that can be accessed by user customized access control computingdevice 601.

Although not required, various aspects described herein may be embodiedas a method, a data transfer system, or as a computer-readable mediumstoring computer-executable instructions. For example, acomputer-readable medium storing instructions to cause a processor toperform steps of a method in accordance with aspects of the disclosedembodiments is contemplated. For example, aspects of method stepsdisclosed herein may be executed on a processor on user customizedaccess control computing device 601. Such a processor may executecomputer-executable instructions stored on a computer-readable medium.

Software may be stored within memory 615 and/or storage to provideinstructions to processor 603 for enabling user customized accesscontrol computing device 601 to perform various functions as discussedherein. For example, memory 615 may store software used by usercustomized access control computing device 601, such as operating system617, application programs 619, and associated database 621. Also, someor all of the computer executable instructions for user customizedaccess control computing device 601 may be embodied in hardware orfirmware. Although not shown, RAM 605 may include one or moreapplications representing the application data stored in RAM 605 whileuser customized access control computing device 601 is on andcorresponding software applications (e.g., software tasks) are runningon user customized access control computing device 601.

Communications module 609 may include a microphone, keypad, touchscreen, and/or stylus through which a user of user customized accesscontrol computing device 601 may provide input, and may also include oneor more of a speaker for providing audio output and a video displaydevice for providing textual, audiovisual and/or graphical output.Computing system environment 600 may also include optical scanners (notshown).

User customized access control computing device 601 may operate in anetworked environment supporting connections to one or more remotecomputing devices, such as computing devices 641 and 651. Computingdevices 641 and 651 may be personal computing devices or servers thatinclude any or all of the elements described above relative to usercustomized access control computing device 601.

The network connections depicted in FIG. 6 may include Local AreaNetwork (LAN) 625 and Wide Area Network (WAN) 629, as well as othernetworks. When used in a LAN networking environment, user customizedaccess control computing device 601 may be connected to LAN 625 througha network interface or adapter in communications module 609. When usedin a WAN networking environment, user customized access controlcomputing device 601 may include a modem in communications module 609 orother means for establishing communications over WAN 629, such asnetwork 631 (e.g., public network, private network, Internet, intranet,and the like). The network connections shown are illustrative and othermeans of establishing a communications link between the computingdevices may be used. Various well-known protocols such as TransmissionControl Protocol/Internet Protocol (TCP/IP), Ethernet, File TransferProtocol (FTP), Hypertext Transfer Protocol (HTTP) and the like may beused, and the system can be operated in a client-server configuration topermit a user to retrieve web pages from a web-based server.

The disclosure is operational with numerous other computing systemenvironments or configurations. Examples of computing systems,environments, and/or configurations that may be suitable for use withthe disclosed embodiments include, but are not limited to, personalcomputers (PCs), server computers, hand-held or laptop devices, smartphones, multiprocessor systems, microprocessor-based systems, set topboxes, programmable consumer electronics, network PCs, minicomputers,mainframe computers, distributed computing environments that include anyof the above systems or devices, and the like that are configured toperform the functions described herein.

FIG. 7 depicts an illustrative block diagram of workstations and serversthat may be used to implement the processes and functions of certainaspects of the present disclosure in accordance with one or more exampleembodiments. Referring to FIG. 7 , illustrative system 700 may be usedfor implementing example embodiments according to the presentdisclosure. As illustrated, system 700 may include one or moreworkstation computers 701. Workstation 701 may be, for example, adesktop computer, a smartphone, a wireless device, a tablet computer, alaptop computer, and the like, configured to perform various processesdescribed herein. Workstations 701 may be local or remote, and may beconnected by one of communications links 702 to computer network 703that is linked via communications link 705 to user customized accesscontrol server 704. In system 700, user customized access control server704 may be a server, processor, computer, or data processing device, orcombination of the same, configured to perform the functions and/orprocesses described herein. Server 704 may be used to receiveregistration information, detect devices, receive and analyze userand/or location data, identify an enterprise center, evaluate anenterprise center, retrieve user preferences, generate instructionsbased on user preferences, and the like.

Computer network 703 may be any suitable computer network including theInternet, an intranet, a Wide-Area Network (WAN), a Local-Area Network(LAN), a wireless network, a Digital Subscriber Line (DSL) network, aframe relay network, an Asynchronous Transfer Mode network, a VirtualPrivate Network (VPN), or any combination of any of the same.Communications links 702 and 705 may be communications links suitablefor communicating between workstations 701 and user customized accesscontrol server 704, such as network links, dial-up links, wirelesslinks, hard-wired links, as well as network types developed in thefuture, and the like.

One or more aspects of the disclosure may be embodied in computer-usabledata or computer-executable instructions, such as in one or more programmodules, executed by one or more computers or other devices to performthe operations described herein. Generally, program modules includeroutines, programs, objects, components, data structures, and the likethat perform particular tasks or implement particular abstract datatypes when executed by one or more processors in a computer or otherdata processing device. The computer-executable instructions may bestored as computer-readable instructions on a computer-readable mediumsuch as a hard disk, optical disk, removable storage media, solid-statememory, RAM, and the like. The functionality of the program modules maybe combined or distributed as desired in various embodiments. Inaddition, the functionality may be embodied in whole or in part infirmware or hardware equivalents, such as integrated circuits,Application-Specific Integrated Circuits (ASICs), Field ProgrammableGate Arrays (FPGA), and the like. Particular data structures may be usedto more effectively implement one or more aspects of the disclosure, andsuch data structures are contemplated to be within the scope of computerexecutable instructions and computer-usable data described herein.

Various aspects described herein may be embodied as a method, anapparatus, or as one or more computer-readable media storingcomputer-executable instructions. Accordingly, those aspects may takethe form of an entirely hardware embodiment, an entirely softwareembodiment, an entirely firmware embodiment, or an embodiment combiningsoftware, hardware, and firmware aspects in any combination. Inaddition, various signals representing data or events as describedherein may be transferred between a source and a destination in the formof light or electromagnetic waves traveling through signal-conductingmedia such as metal wires, optical fibers, or wireless transmissionmedia (e.g., air or space). In general, the one or morecomputer-readable media may be and/or include one or more non-transitorycomputer-readable media.

As described herein, the various methods and acts may be operativeacross one or more computing servers and one or more networks. Thefunctionality may be distributed in any manner, or may be located in asingle computing device (e.g., a server, a client computer, and thelike). For example, in alternative embodiments, one or more of thecomputing platforms discussed above may be combined into a singlecomputing platform, and the various functions of each computing platformmay be performed by the single computing platform. In such arrangements,any and/or all of the above-discussed communications between computingplatforms may correspond to data being accessed, moved, modified,updated, and/or otherwise used by the single computing platform.Additionally or alternatively, one or more of the computing platformsdiscussed above may be implemented in one or more virtual machines thatare provided by one or more physical computing devices. In sucharrangements, the various functions of each computing platform may beperformed by the one or more virtual machines, and any and/or all of theabove-discussed communications between computing platforms maycorrespond to data being accessed, moved, modified, updated, and/orotherwise used by the one or more virtual machines.

Aspects of the disclosure have been described in terms of illustrativeembodiments thereof. Numerous other embodiments, modifications, andvariations within the scope and spirit of the appended claims will occurto persons of ordinary skill in the art from a review of thisdisclosure. For example, one or more of the steps depicted in theillustrative figures may be performed in other than the recited order,one or more steps described with respect to one FIG. may be used incombination with one or more steps described with respect to anotherfigure, and/or one or more depicted steps may be optional in accordancewith aspects of the disclosure.

What is claimed is:
 1. A computing platform, comprising: at least oneprocessor; a communication interface communicatively coupled to the atleast one processor; and memory storing computer-readable instructionsthat, when executed by the at least one processor, cause the computingplatform to: receive, from a user device and in real-time, location dataof the user device and user data of a user of the user device; analyze,in real-time, the location data to identify a current geographiclocation of the user device; identify, based on the analyzed locationdata, an enterprise center at the current geographic location of theuser device; evaluate the identified enterprise center to determinewhether the enterprise center permits customized user access control;responsive to determining that the enterprise center does not permitcustomized user access control: maintain default access control settingsat the enterprise center; generate a notification indicating that theenterprise center does not permit customized user access control; andtransmit the generated notification to the user device; responsive todetermining that the enterprise center does permit customized useraccess control: identify, based on the user data, pre-stored user accesspreferences for locking or unlocking at least one door at the enterprisecenter; generate, based on the user access preferences, an instructionto lock or unlock at least one door at the enterprise center; andtransmit the instruction to an internal access control computing systemat the enterprise center to lock or unlock at least one door at theenterprise center.
 2. The computing platform of claim 1, whereinidentifying the pre-stored user access preferences for locking orunlocking at least one door at the enterprise center is further based ona type of enterprise center and wherein the type of enterprise center isone of: an office location, a vestibule with at least one self-servicekiosk located therein, and an advance center including at least oneself-service kiosk and at least one interior room with an access door.3. The computing platform of claim 1, wherein the generated instructionincludes a signal to actuate an electronic lock.
 4. The computingplatform of claim 1, further including instructions that, when executed,cause the computing platform to: identify, based on detection of asignal emitted from a location beacon of a plurality of location beaconsat the enterprise center, a sub-location of the user device within theenterprise center, and wherein the identifying pre-stored user accesspreferences is further based on the identified sub-location of the userdevice.
 5. The computing platform of claim 1, further includinginstructions that, when executed, cause the computing platform to:receive an indication that the user device is no longer at theenterprise center; responsive to receiving the indication that the userdevice is no longer at the enterprise center, generate an instruction toreturn one or more locks to a default setting; and transmit theinstruction to return the one or more locks to a default setting to theinternal access control computing system.
 6. The computing platform ofclaim 5, wherein the indication that the user device is no longer at theenterprise center includes user input received by the user device andtransmitted to the computing platform.
 7. The computing platform ofclaim 5, wherein the indication that the user device is no longer at theenterprise center includes termination of a wireless connection betweenthe user device and the computing platform.
 8. A method, comprising: bya computing platform comprising at least one processor, memory, and acommunication interface: receiving, in real-time, by the at least oneprocessor and from a user device, location data of the user device anduser data of a user of the user device; analyzing, in real-time and bythe at least one processor, the location data to identify a currentgeographic location of the user device; identifying, by the at least oneprocessor and based on the analyzed location data, an enterprise centerat the current geographic location of the user device; evaluating, bythe at least one processor, the identified enterprise center todetermine whether the enterprise center permits customized user accesscontrol; responsive to determining that the enterprise center does notpermit customized user access control: maintaining, by the at least oneprocessor, default access control settings at the enterprise center;generating, by the at least one processor, a notification indicatingthat the enterprise center does not permit customized user accesscontrol; and transmitting, by the at least one processor and via thecommunication interface, the generated notification to the user device;responsive to determining that the enterprise center does permitcustomized user access control: identifying, by the at least oneprocessor and based on the user data, pre-stored user access preferencesfor locking or unlocking at least one door at the enterprise center;generating, by the at least one processor and based on the user accesspreferences, an instruction to lock or unlock at least one door at theenterprise center; and transmitting, by the at least one processor andvia the communication interface, the instruction to an internal accesscontrol computing system at the enterprise center to lock or unlock atleast one door at the enterprise center.
 9. The method of claim 8,wherein identifying the pre-stored user access preferences for lockingor unlocking at least one door at the enterprise center is further basedon a type of enterprise center and wherein the type of enterprise centeris one of: an office location, a vestibule with at least oneself-service kiosk located therein, and an advance center including atleast one self-service kiosk and at least one interior room with anaccess door.
 10. The method of claim 8, wherein the generatedinstruction includes a signal to actuate an electronic lock.
 11. Themethod of claim 8, further including: identifying, by the at least oneprocessor and based on detection of a signal emitted from a locationbeacon of a plurality of location beacons at the enterprise center, asub-location of the user device within the enterprise center, andwherein the identifying pre-stored user access preferences is furtherbased on the identified sub-location of the user device.
 12. The methodof claim 8, further including: receiving, by the at least one processor,an indication that the user device is no longer at the enterprisecenter; responsive to receiving the indication that the user device isno longer at the enterprise center, generating, by the at least oneprocessor, an instruction to return one or more locks to a defaultsetting; and transmitting, by the at least one processor, theinstruction to return the one or more locks to a default setting to theinternal access control computing system.
 13. The method of claim 12,wherein the indication that the user device is no longer at theenterprise center includes user input received by the user device andtransmitted to the computing platform.
 14. The method of claim 12,wherein the indication that the user device is no longer at theenterprise center includes termination of a wireless connection betweenthe user device and the computing platform.
 15. One or morenon-transitory computer-readable media storing instructions that, whenexecuted by a computing platform comprising at least one processor,memory, and a communication interface, cause the computing platform to:receive, from a user device and in real-time, location data of the userdevice and user data of a user of the user device; analyze, inreal-time, the location data to identify a current geographic locationof the user device; identify, based on the analyzed location data, anenterprise center at the current geographic location of the user device;evaluate the identified enterprise center to determine whether theenterprise center permits customized user access control; responsive todetermining that the enterprise center does not permit customized useraccess control: maintain default access control settings at theenterprise center; generate a notification indicating that theenterprise center does not permit customized user access control; andtransmit the generated notification to the user device; responsive todetermining that the enterprise center does permit customized useraccess control: identify, based on the user data, pre-stored user accesspreferences for locking or unlocking at least one door at the enterprisecenter; generate, based on the user access preferences, an instructionto lock or unlock at least one door at the enterprise center; andtransmit the instruction to an internal access control computing systemat the enterprise center to lock or unlock at least one door at theenterprise center.
 16. The one or more non-transitory computer-readablemedia of claim 15, wherein identifying the pre-stored user accesspreferences for locking or unlocking at least one door at the enterprisecenter is further based on a type of enterprise center and wherein thetype of enterprise center is one of: an office location, a vestibulewith at least one self-service kiosk located therein, and an advancecenter including at least one self-service kiosk and at least oneinterior room with an access door.
 17. The one or more non-transitorycomputer-readable media of claim 15, wherein the generated instructionincludes a signal to actuate an electronic lock.
 18. The one or morenon-transitory computer-readable media of claim 15, further includinginstructions that, when executed, cause the computing platform to:identify, based on detection of a signal emitted from a location beaconof a plurality of location beacons at the enterprise center, asub-location of the user device within the enterprise center, andwherein the identifying pre-stored user access preferences is furtherbased on the identified sub-location of the user device.
 19. The one ormore non-transitory computer-readable media of claim 15, furtherincluding instructions that, when executed, cause the computing platformto: receive an indication that the user device is no longer at theenterprise center; responsive to receiving the indication that the userdevice is no longer at the enterprise center, generate an instruction toreturn one or more locks to a default setting; and transmit theinstruction to return the one or more locks to a default setting to theinternal access control computing system.
 20. The one or morenon-transitory computer-readable media of claim 19, wherein theindication that the user device is no longer at the enterprise centerincludes user input received by the user device and transmitted to thecomputing platform.
 21. The one or more non-transitory computer-readablemedia of claim 19, wherein the indication that the user device is nolonger at the enterprise center includes termination of a wirelessconnection between the user device and the computing platform.